Total
182 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0278 | 1 Hcltech | 1 Traveler | 2025-10-10 | N/A | 4.3 MEDIUM |
| HCL Traveler is affected by an internal path disclosure in a Windows application when the application inadvertently reveals internal file paths, in error messages, debug logs, or responses to user requests. | |||||
| CVE-2025-59447 | 2025-10-08 | N/A | 2.2 LOW | ||
| The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials. | |||||
| CVE-2025-44823 | 2025-10-08 | N/A | 9.9 CRITICAL | ||
| Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475. | |||||
| CVE-2024-45549 | 1 Qualcomm | 320 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 317 more | 2025-10-06 | N/A | 7.7 HIGH |
| Information disclosure while creating MQ channels. | |||||
| CVE-2025-58579 | 2025-10-06 | N/A | 5.3 MEDIUM | ||
| Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration. | |||||
| CVE-2025-58583 | 2025-10-06 | N/A | 5.3 MEDIUM | ||
| The application provides access to a login protected H2 database for caching purposes. The username is prefilled. | |||||
| CVE-2025-58585 | 2025-10-06 | N/A | 5.3 MEDIUM | ||
| Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering. | |||||
| CVE-2025-27149 | 1 Zulip | 1 Zulip Server | 2025-09-27 | N/A | 2.7 LOW |
| Zulip server provides an open-source team chat that helps teams stay productive and focused. Prior to 10.0, the data export to organization administrators feature in Zulip leaks private data. The collection of user-agent types identifying specific integrations or HTTP libraries (E.g., ZulipGitlabWebhook, okhttp, or PycURL) that have been used to access any organization on the server was incorrectly included in all three export types, regardless of if they were used to access the exported organization or not. The "public data" and "with consent" exports metadata including the titles of some topics in private channels which the administrator otherwise did not have access to, and none of the users consented to exporting and metadata for which users were in a group DM together. This vulnerability is fixed in 10.0. | |||||
| CVE-2025-60167 | 2025-09-26 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in honzat Page Manager for Elementor allows Retrieve Embedded Sensitive Data. This issue affects Page Manager for Elementor: from n/a through 2.0.5. | |||||
| CVE-2025-60092 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Shahjada Download Manager allows Retrieve Embedded Sensitive Data. This issue affects Download Manager: from n/a through 3.3.24. | |||||
| CVE-2025-60119 | 2025-09-26 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in CoSchedule CoSchedule allows Retrieve Embedded Sensitive Data. This issue affects CoSchedule: from n/a through 3.3.10. | |||||
| CVE-2025-36146 | 1 Ibm | 1 Watsonx.data | 2025-09-25 | N/A | 4.3 MEDIUM |
| IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. | |||||
| CVE-2025-57916 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Nurul Amin WP System Information allows Retrieve Embedded Sensitive Data. This issue affects WP System Information: from n/a through 1.5. | |||||
| CVE-2025-57937 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher allows Retrieve Embedded Sensitive Data. This issue affects WPeMatico RSS Feed Fetcher: from n/a through 2.8.10. | |||||
| CVE-2025-58015 | 2025-09-22 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Ays Pro Quiz Maker allows Retrieve Embedded Sensitive Data. This issue affects Quiz Maker: from n/a through 6.7.0.61. | |||||
| CVE-2025-58007 | 2025-09-22 | N/A | 4.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Social Pug allows Retrieve Embedded Sensitive Data. This issue affects Social Pug: from n/a through 1.35.1. | |||||
| CVE-2025-59582 | 2025-09-22 | N/A | 5.3 MEDIUM | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Darren Cooney Ajax Load More allows Retrieve Embedded Sensitive Data. This issue affects Ajax Load More: from n/a through 7.6.0.2. | |||||
| CVE-2025-49147 | 1 Umbraco | 1 Umbraco Cms | 2025-09-22 | N/A | 5.3 MEDIUM |
| Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information available is limited but would perhaps give some additional detail useful for someone attempting to brute force derive a user's password. This information was not exposed in Umbraco 7 or 8, nor in 14 or higher versions. The vulnerability is patched in versions 10.8.11 and 13.9.2. | |||||
| CVE-2025-6769 | 1 Gitlab | 1 Gitlab | 2025-09-20 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces. | |||||
| CVE-2025-2988 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-09-17 | N/A | 2.7 LOW |
| IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system. | |||||